Академический Документы
Профессиональный Документы
Культура Документы
ENVIRONMENT
Chapter 7
Prepared and Reported by: Calagui, Mary Joy M.
Minglana, Mitch T.
CHARACTERISTICS OF COMPUTER
INFORMATION SYSTEMS (CIS)
Lack of visible transaction trails
Consistency of performance
Ease of access to data and computer programs
Concentration of duties
Systems generated transactions
Vulnerability of data and program storage media
INTERNAL CONTROL IN A CIS
ENVIRONMENT
A variety of controls are performed to check accuracy,
completeness, and authorization of transactions.
Systems Computer
Librarian
Analyst Operator
Data Entry
Programmer Control Group
Operator
GENERAL CONTROLS
Systems Development and Documentation Controls
Access Controls
Data Recovery Controls
Monitoring Controls
APPLICATION CONTROLS
Controls over input
Key verification
Field check
Validity check
Self-checking digit
Limit check
Control totals
Controls over processing
Controls over output
TEST OF CONTROL IN A CIS
ENVIRONMENT
In testing application controls, the auditor may either:
Audit around the computer; or
Use Computer-Assisted Audit Techniques
AUDITING AROUND THE
COMPUTER
Auditing around the computer can be used only if there are
visible input documents and detailed output that will enable the
auditor to trace individual transactions back and forth.
This is also known as “black box approach” because it does
not permit direct assessment of actual processing of transactions.
COMPUTER ASSISTED AUDIT
TECHNIQUES (CAATs)
CAATs are computer programs and data which the
auditor uses as part of the audit procedures to process
data of audit significance contained in an entity’s
information system.
Some of the commonly used CAATs include test data,
integrated test facility and parallel simulation.
TEST DATA
Auditor’s Test
Data
Processed using
client’s program
Processed using
client’s program
Compare Auditor’s
Output
Manually Expected Output
PARALLEL SIMULATION
Client’s Data Client’s Data